OPPG-414: Specific permission for updating libraries

Added a permission. Added a new function to H5PFrameworkInterface for testing if allowed to update library Added apropriate tests.
2013-06-30 16:39:17 +02:00 · 2013-06-30 16:39:17 +02:00 · 312bd0f8b5
parent a34d0ea3e7
commit 312bd0f8b5
1 changed files with 24 additions and 1 deletions
--- a/h5p.classes.php
+++ b/h5p.classes.php
@ -70,7 +70,7 @@ interface H5PFrameworkInterface {
  public function getLibraryId($machineName, $majorVersion, $minorVersion);
  
  /**
-   * Is the library a patched version of an excisting library?
+   * Is the library a patched version of an existing library?
   * 
   * @param object $library
   *  The library data for a library we are checking
@ -80,6 +80,17 @@ interface H5PFrameworkInterface {
   */
  public function isPatchedLibrary($library);
  
+  /**
+   * Is the current user allowed to update the library data?
+   *
+   * @param object $library
+   *  The library data for a library we are checking
+   * @return boolean
+   *  TRUE if the user us allowed to update with the given library data OR the library already exists with the current version levels.
+   *  FALSE if the user is not allowed to update or create the library.
+   */
+  public function isAllowedLibraryUpdate($library);
+
  /**
   * Store data about a library
   * 
@ -422,6 +433,12 @@ class H5PValidator {
      return FALSE;
    }

+    // check if allowed to update this library
+    if (! $this->h5pF->isAllowedLibraryUpdate($h5pData)) {
+      $this->h5pF->setErrorMessage($this->h5pF->t('Not allowed to update library %name', array('%name' => $h5pData['machineName'])));
+      return FALSE;
+    }
+
    // validate json if a semantics file is provided
    $semanticsPath = $filePath . DIRECTORY_SEPARATOR . 'semantics.json';
    if (file_exists($semanticsPath)) {
@ -813,6 +830,12 @@ class H5PStorage {
        $library['saveDependencies'] = FALSE;
        continue;
      }
+      // If we're not allowed to save, we should not be here at all. But just
+      // in case, we check again.
+      if (! $this->h5pF->isAllowedLibraryUpdate($library)) {
+        continue;
+      }
+
      $this->h5pF->saveLibraryData($library, $new);
      
      $current_path = $this->h5pF->getUploadedH5pFolderPath() . DIRECTORY_SEPARATOR . $key;